libksba: possible NULL pointer dereference
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Jakuje
	Aug 18 2021, 11:35 AM

Description

There is one more new possible NULL pointer dereference in libksba (similar one for LONG and MEM types):

1. libksba-1.5.1/src/asn1-func.c:169:29: warning[-Wanalyzer-null-dereference]: dereference of NULL 'value'
13. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
15. libksba-1.5.1/src/asn1-func.c:185:3: note: in expansion of macro 'return_if_fail'
21. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
23. libksba-1.5.1/src/asn1-func.c:130:3: note: in expansion of macro 'return_if_fail'
29. libksba-1.5.1/src/asn1-func.c:44: included_from: Included from here.
31. libksba-1.5.1/src/asn1-func.c:168:7: note: in expansion of macro 'return_if_fail'
#   167|       case VALTYPE_ULONG:
#   168|         return_if_fail (sizeof (unsigned long) == len);
#   169|->       node->value.v_ulong = *(unsigned long *)value;
#   170|         break;
#   171|

It should be fixed with the simple check for NULL, especially when the comment above the function says:

[...] With VALUE of NULL or LEN of 0 the value field is deleted

libksba.patch820 BDownload

Revisions and Commits

rK libksba
	rKc242f31b6d52 Avoid warnings about NULL ptr deref in ASN.1 helpers.

Event Timeline

Jakuje created this task.Aug 18 2021, 11:35 AM

I added some asserts. However I doubt that it can be hit by LibKSBA. I also fixed a real bug related to VALTYPE_BOOL - but that is also not used in Libksba.

• werner added a commit: rKc242f31b6d52: Avoid warnings about NULL ptr deref in ASN.1 helpers..Aug 18 2021, 4:21 PM

• werner closed this task as Resolved.Aug 18 2021, 6:22 PM

• werner claimed this task.

libksba: possible NULL pointer dereferenceClosed, ResolvedPublicActions

Description

Revisions and Commits

Event Timeline

libksba: possible NULL pointer dereference
Closed, ResolvedPublic
Actions